Saturday, September 28, 2013

Cheaper than a big fence? Perhaps we could start this in our border states? Can you see Texas asking, “Papers, y'all.”
Dana Smith reports:
Those who call for the introduction of a national identity card “must also understand there are civil liberty implications” that can arise as a result, Foreign Affairs and Immigration Minister Fred Mitchell said yesterday.
Such implications, he explained, could include being stopped on the street at any time and asked by authorities to show a national ID card as proof of legal residency.
It was last Thursday that National Security Minister Bernard Nottage said “the time has come” for the country to consider the introduction of such a card, considering the Bahamas’ long-standing illegal migration problem.
Read more on Tribune242.


“We respond with complete indifference. We don't process your data, we have a contractor in Addis Abeba who does that for us. As does Twitter and Facebook and a bunch of others.”
It’s been a good day for consumers in California. Governor Brown signed SB-46 into law, expanding business’s data breach notification obligations to consumers whose online account data has been breached. He also signed AB-370 into law. The law requires a site operator to disclose how it responds to “do not track” signals or other mechanisms that provide consumers a choice regarding the collection of personally identifiable information and the collection of their activity across sites.
The bill also requires the operator to disclose whether other parties may collect personally identifiable information when a consumer uses the operator’s site or service.
AB-370 amends Section 22575 of the Business and Professions Code by adding the following three requirements:
(5) Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.
(6) Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.
(7) An operator may satisfy the requirement of paragraph (5) by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.

(Related) California is “solving that Internet problem”
Governor Jerry Brown signed SB 46 into law today.
Dominique R. Shelton and Paul G. Martino of Alston & Bird had a good summary of the changes the law makes:
Read more of Alston & Bird’s advisory. The amendments go into effect in January, 2014.


Is anyone keeping score? Has the government actually won any of these? Do they have to give up when their record hits 0-99?
Mark Jaycox writes a welcome government transparency smackdown by the courts:
A federal judge ordered the government to unseal more documents concerning the NSA spying programs by December 20, 2013. The judge issued the ruling in EFF’s lawsuit, Jewel v. NSA, which began in 2008 over the NSA spying program initiated by the Bush Administration, which continues to this day.
In light of the declassifications inspired by the June leaks, Judge Jeffrey White ordered the government to unseal any declassified material, like exhibits, declarations, and other ex parte submissions that the government had previously submitted to the court under seal.
Read more on EFF.


We knew that, didn't we?
Adam Klasfeld reports:
The FBI has been deploying unmanned aircraft for domestic surveillance for seven years, though the agency first acknowledged their use in July, the Justice Department’s inspector general reported Thursday.
FBI Director Robert Mueller revealed the program’s existence during congressional testimony. The inspector general’s first audit of the program reveals that it did not develop specific policies to protect the privacy of U.S. citizens or the integrity of the evidence the drones purport to collect, the audit found.
Read more on Courthouse News.


I wonder if there is a mathematical formula that establishes a cutoff level of risk insurers are willing to accept? If so, do they ever share it with customers before they deny coverage?
Law360.com reports that St. Paul Fire and Marine Insurance Company wants a court to rule it’s not responsible for $7 million in liability coverage in a class action lawsuit brought against online ticket broker Vendini. Subscription required to read the article.
Coverage of the Vendini hack can be found in these posts.


Perspective. I'm not sure yet what this means, but I am sure it is important beyond the first Blackberry President being scooped. Imagine if one president had contradicted the other...
Today in Modern Diplomacy: The U.S. President Gets Scooped by a Tweet
Earlier today, President Obama and the Iranian president Hassan Rouhani had a phone call. The discussion was, it seems, substantial: Among its topics was Iran's nuclear program. But the content of the conversation was only one thing that made the call a big deal; even more significant was the fact that any conversation took place at all. The talk marked the first direct communication between a U.S. president and an Iranian president since 1979, when the Islamic Republic was installed and the Shah ousted and the diplomatic relations between the two countries all but severed. The talk itself – the gesture of it, the meaning of it -- was, in other words, big news.
Which was why President Obama, a few minutes ago, called a press conference to announce the conversation to the media. "Just now I spoke on the phone with President Rouhani," Obama told convened reporters. The call, he added, "underscores the deep mistrust between our countries, but also indicates the prospect of moving on that difficult history."
Again: big news! Except that the call was not news to many of the people who were gathered to hear it. Minutes before Obama began his speech, today at 3:35 pm Eastern time, Hassan Rouhani, via his (unverified) English-language Twitter account, tweeted the following:
Phone conversation between @HassanRouhani and @BarackObama


Isn't this rather old school or even Ludd-esque? Shouldn't we be encouraging anything that makes health care (especially mental health care) more widely available? Skype should be easy to secure. There was no indication the diagnosis was wrong in any of the articles...
Telemedicine has always held great promise. In my field, it could allow experts in movement disorders to actually observe a patient in a remote area where no experts were available to see what the abnormal movements look like and to interview the patient. And I’ve often had patients request therapy sessions by Skype or FaceTime (I’ve always declined such requests). State laws regulate the use of telemedicine and the communications systems, and practitioners need to know their state’s laws. They also need to be aware of the privacy and security concerns associated with various communication systems. See, for example, this somewhat frightening report by Declan McCullagh on how NSA can eavesdrop on Skype.
Mike Stinebiser writes:
Just as the September 23 enforcement deadline of the new HIPAA rules arrives, The Oklahoman reports a case of a doctor who did not take heed of state health regulations for practicing telemedicine. Dr. Thomas Trow is being disciplined for prescribing powerful meds to mental health patients over Skype video chat without ever having seen them in person. With few exceptions, most state health laws require an initial in-person visit to establish a patient-physician relationship before a doctor can treat a patient over video conference. This includes prescribing drugs, rendering diagnoses, and performing other medical services during a virtual visit. In addition, medical board documents also show that Skype video chat, which Dr. Trow was using, is not an approved telemedicine communication system.
Read more on vsee.com


I know I've mentioned this before...
– is free and multi-platform dynamic mathematics software for all levels of education that joins geometry, algebra, tables, graphing, statistics and calculus in one easy-to-use package. Graphics, algebra and tables are connected and fully dynamic. It has an easy-to-use interface, and an authoring tool to create interactive learning materials as webpages. It’s open source software freely available for non-commercial users.


For my programming students. Free is good!
Powerful Python IDE PyCharm Community Edition Now Available For Free
Developer JetBrains is well-known for their sophisticated IDEs (integrated developer environments), but their tools usually cost money to use. That is not always the case, however. The company has recently released a new version of their PyCharm IDE in two different flavors, one of which is entirely free.
Aimed at helping developers create scripts and applications using the Python programming language, PyCharm is now offered in a Professional Edition (starting at $99 for a personal license), as well as in a Community Edition which anyone can download and just use to their heart’s content under the free and open-source Apache 2 license.


Every week, free humor. It's wonderful.
… Students in Indiana managed to bypass the security on their school-issued iPads within hours of receiving them, reports Education Week. [Same thing in LA Bob]
California has passed a law (SB 568) that would require websites and apps aimed at minors to give them the ability to erase their personal data or any information they post. Although it might sound like a win for privacy, there are lots of concerns about how exactly this will be implemented. A critical look at why the bill won’t work via Forbes. [I hadn't seen that. Bob]
Indiana state lawmakers are weighing whether to expand “Stand-Your-Ground” laws to schools, “changing the law to protect a person who may resort to deadly force to prevent a school massacre.” WTF. [Contrast with the next one Bob]
… Darnell Hamilton, age 17 with a 4.0 GPA, has been charged as an adult with two felonies – unlawful use of a weapon and possession of a firearm in school – for bringing a gun to his Chicago school on Tuesday. Hamilton's mother said that he felt he needed the gun to protect himself from the gangs he must pass through in order to commute to and from his school. That's Urban Prep, a charter school that boasts all its seniors get into college. Hamilton has already been promised a scholarship to Ohio State; no word from the school if they will take disciplinary action.
The Carnegie Foundation for the Advancement of Teaching has partnered with the startup NovoEd to offer a MOOC for remedial math students. NovoEd does boast more student support with its online offerings, and the Carnegie Foundation claims it has a good track record with its developmental math offerings. So we’ll see…
Nearly 200 colleges and universities have cut adjunct hours in order to avoid having to pay for their employees’ healthcare as mandated by the Affordable Care Act.

Friday, September 27, 2013

Is this “correctable?”
Google's reading of Gmail e-mail can be challenged, judge rules
A class-action suit targeting Google's scanning of Gmail messages to deliver targeted advertising can go ahead, based on a federal anti-wiretapping law, a judge ruled Thursday.
Google had filed a motion to dismiss the suit, saying that in regard to the Wiretap Act, its scanning of e-mail content was, first, part of the ordinary course of its business as an e-mail provider and, second, something consented to by Gmail users and the people with whom they e-mail.
US District Judge Lucy Koh in San Jose, Calif., bought neither of those arguments, however. In her ruling, she writes in regard to the first point that "Google's alleged interception of e-mail content is primarily used to create user profiles and to provide targeted advertising -- neither of which is related to the transmission of e-mails." On the second point she found that Google's various user agreements and privacy policies were not explicit about the company's scanning of e-mail content to serve up tailored ads.


An article for my Android students...
http://www.makeuseof.com/tag/android-is-watching-8-ways-a-typical-smartphone-is-monitoring-you/
Android Is Watching: 8 Ways A Typical Smartphone Is Monitoring You
Android automatically backs up your Wi-Fi passwords to your Google account, where they’re synced to your future Android devices. This is a convenient feature that saves you from entering Wi-Fi passwords over and over, but it means that Google likely knows all your Wi-Fi passwords. And, given recent revelations about PRISM and the NSA’s ability to demand data from Google without a warrant, the NSA likely has access to all of them. But Wi-Fi passwords aren’t the only thing that Google — and therefore the US government and other governments around the world — can get from your phone.
… We could write similar articles about how the iPhone, Windows Phone, and other platforms collect and store data.

(Related) Of course your phone will never be stolen, but still...
Lock Your Android Device Remotely With The Android Device Manager
The Android Device Manager was launched last month. Now in a recent update, Google has added remote lock and password reset features to further add to your peace of mind. The Android Device Manager has location tracking features and also allows you to securely wipe your data in case the phone or tablet is irretrievable.


Some Apps for my iPhone packing students...
How To Automate Your iPhone To Adapt To Your Routine


This looks like a “freemium” model that starts with a minimal option rational people will want to upgrade from.
How the U.S. Airline Industry Found Its Edge
… Between 2001 and the end of 2008, for example, no less than 15 U.S. airlines filed for bankruptcy. Around 2008, however, something unexpected occurred. Airlines suddenly leveled off. In the past few years, profits have become positive across the industry, and market caps are soaring from prior lows.
So what happened? The turnaround can’t be attributed to a bold, Da Vinci-esque initiative such as new carbon fiber aircraft, the pioneering of new markets or even low-cost innovation. Rather, it was the result of something far more modest: the slicing of airlines’ base offerings into customizable “options and extras.”


A simple illustration of Arbitrage.
A step-by-step guide to profiting off a 3-cent hike on US postage stamps
Yesterday, the US Postal Service (USPS) made a strange announcement: anybody who wants to turn a quick profit at its expense will have an opportunity to do so come January.
What it actually said is that on January 26 next year, it wants to hike the price of a first-class stamp from $0.46 to $0.49. Stamp prices are normally increased by about 1 or 2 cents a year to match inflation. This 3-cent increase, which has to be approved by the US Postal Regulatory Commission, is large enough that it creates an opportunity for arbitrage in so-called “forever” stamps, which hold their value regardless of changes in postage price.


Sometimes I have to remind students that we didn't always have Google...
Easter egg lets you Google like it's 1998
… Searching for "Google in 1998" brings you to a retro version of Google, complete with the old logo.
One big caveat: you can't actually do a new search
[and this is how we did it before online Google: http://www.google-classic.com/ ]


For the next time I teach spreadsheets...
7 Ways To Make A Google Map Using Google Spreadsheet Data


The problem is (as always) finding the time to learn the tools that are supposed to save me time.
How To Use Learnist To Effectively Organize Your Learning & Teaching
Learnist is a learning board for the digital age. The web application itself describes a “learn board” as a “set of learnings organized as a series of steps for people to learn.” You can also look at a learning board as a container for any content that helps you understand things you are interested in.
… The smallest unit on Learnist is a “Learn board”. You can create learn boards by adding the URL of a webpage, uploading your own content, or using the Learnist bookmarklet to collect resources while browsing the web. Learn boards can be curated with images, videos, maps, Wikipedia articles or simple plain text. A sequence of content curated on a learn board and stepped in the right order takes a learner through any topic, just like the chapters of a book.
To demonstrate the working of learn boards, let me point you to Learnist’s own Help section which tells you all about how the web application works. The sequence of nine learn boards tells you everything you need to know to create learning capsules for yourself here.

(Related) This has been installed for months. All I need is 26 hours in a day...
Evernote’s New Web Clipper Is The Ultimate Content Saving Tool

Thursday, September 26, 2013

They didn't expect praise, did they? This isn't whistle blowing, it's digital paparazzi.
Hackers crack major data firms, sell info to ID thieves, says report
An illegal service that sells personal data "on any U.S. resident" -- which can then be used for identity theft -- hacked into servers at several major data aggregators including LexisNexis and Dun & Bradstreet, according to a report.
The service's customers have, the report said, "spent hundreds of thousands of dollars looking up SSNs, birthdays, driver's license records, and obtaining unauthorized credit and background reports on more than 4 million Americans."
In an article Wednesday, former Washington Post reporter Brian Krebs, who now writes the KrebsOnSecurity blog, outlined how a site called Expose.su managed earlier this year to post financial information on celebrities and government officials.
The site's activities triggered an FBI investigation, in part because Expose.su managed to publish the Social Security Number, address, and a credit report of then-FBI Director Robert Mueller.
According to Krebs, Expose.su (think "exposes you") got its info from another site, ssndob.ms, or SSNDOB (think "Social Security Number" and "date of birth"), which got the data by way of a small botnet it operates. The botnet appears to have access to compromised servers at several large data brokers in the United States, including LexisNexis, Dun & Bradstreet, and Kroll Background America. (And, in regard to the bot program installed on the hacked servers, Krebs reported that "none of the 46 top antimalware tools on the market today detected it as malicious.") [Probably because it is not. Bob]
… Krebs, who got his hands on a copy of SSNDOB's database, reported that a closer examination of it indicates that since SSNDOB came on the scene early last year, the service has sold more than 1.02 million unique SSNs and nearly 3.1 million date of birth records.
SSNDOB markets itself on underground cybercrime forums, Krebs said, and sells data at prices that "range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks."


Another school board outsmarted by students. Why would anyone think this would not happen? Shouldn't they be rewarding this kind of independent learning? (My guess, it took a week for anyone to notice, but no time at all to hack the iPads.)
LAUSD halts home use of iPads for students after devices hacked
LAUSD students have figured out how to bypass security restrictions on iPads issued to them by the school district, giving them access to non-scholastic Internet sites.
Following news that students at a Los Angeles high school had hacked district-issued iPads and were using them for personal use, district officials have halted home use of the Apple tablets until further notice.
It took exactly one week for nearly 300 students at Theodore Roosevelt High School to hack through security so they could surf the Web on their new school-issued iPads, raising new concerns about a plan to distribute the devices to all students in the district.
… Students began to tinker with the security lock on the tablets because "they took them home and they can't do anything with them," [This is modern education? Bob] said Roosevelt senior Alfredo Garcia.
Roosevelt students matter-of-factly explained their technique Tuesday outside school. The trick, they said, was to delete their personal profile information. With the profile deleted, a student was free to surf.


Interesting. Being “most qualified” does not mean “any good.”
Seen on RT:
Supreme Court Justice Antonin Scalia said Wednesday the court eventually will have to determine the legality of far-reaching National Security Agency spying programs, though he is not convinced the court is equipped to based on modern security threats.
Scalia, speaking at the Northern Virginia Technology Council, said elected officials are most qualified to discern how much personal information of Americans the NSA can collect, and under what circumstances.
Read more on RT.
Well, they might be most qualified if they were actually informed, but we’ve already seen complaints where members of Congress were kept in the dark or not shown government documents that they supposedly should have had access to.
But even then, Congress may be willing to “give up a little privacy for security” so to speak, and laws they pass may not be constitutional, so eventually this will get to SCOTUS.


So simple. So true.
Gotta love xkcd.
If you’re not a regular reader of xkcd: (1) why not? and (2) remember to hover over the cartoon to see the alt text.


What sounds simple in the brainstorming session turns out to be a bit more complicated. Even if Yahoo is willing to “forget,” others are not. The “Right to be forgotten” is not observed by all players at the same time. Did Yahoo send notices to everyone on the “Recycled User's” contact list?
Kristin Burnham reports:
Yahoo announced late Tuesday night that the company plans to roll out a tool for recipients of recycled email accounts to return messages that were not intended for them. [And if they accidentally 'return' one that was meant for them? Bob] InformationWeek reported Tuesday on three [Potentially many more Bob] Yahoo users who began receiving emails containing personal information intended for the former user — including bank and wireless account information — after signing up for a recycled Yahoo account.
The new button, called “Not My Email,” will roll out this week and will be found under the “Actions” tab in users’ inboxes. The button will help users of recycled accounts train their inboxes [Potential to 'automatically' return the wrong email Bob] to recognize which email is intended for them and which is not, eventually rejecting email before the user has read it.
Yahoo said it also plans to offer help to users who have lost their Yahoo account due to inactivity. These steps include the option to reclaim your old account; outreach to users by phone and email; and extending the grace period for inactive accounts. Yahoo did not say when the option to reclaim an inactive account would be available.
Read more on InformationWeek.
It’s nice that honest netizens can report “not my mail,” but thanks to Yahoo!’s ridiculous recycling plan, there’s nothing that stops people from reading e-mail that was not intended for their eyes – as an earlier report by InformationWeek showed. They are considering a “Require-Recipient-Valid-Since” protocol, but the sooner they fix this security and privacy mess that they’ve created, the better.


Another simple money saving idea that needed more research...
Loek Essers reports:
Schools that compel students to use commercial cloud services for email and documents are putting privacy at risk, says a campaign group calling for strict controls on the use of such services in education.
A core problem is that cloud providers force schools to accept policies [Only if they say “Yes” Bob] that authorize user profiling and online behavioral advertising. Some cloud privacy policies stipulate that students are also bound by these policies, even when they have not had the opportunity to grant or withhold their consent, said privacy campaign group SafeGov.org in a report released on Monday.
Read more on CIO.


I suggest a Law School course titled “Technology for Lawyers”
'The First Time a Tumblr Has Been Used in an Argument in a Supreme Court Brief'
"Amicus Tumblr" has a certain ring to it, no?
On October 8, the Supreme Court will hear arguments in McCutcheon v. Federal Election Commission. The case centers on whether aggregate limits on donations to campaigns are constitutional, an extension of the legal logic behind the infamous Citizens United decision.
Before the Court hears arguments, though, the justices will have already consulted something unique: A legal document predicated on a Tumblr. According to Lawrence Lessig, the Harvard Law professor filing the brief, it’s the first time a Tumblr has been used in a Supreme Court filing.
On his own Tumblr this morning, Lessig (who’s also a contributor to The Atlantic) explained the reasoning:
The basic argument of the brief is that the Framers of the Constitution used the word “corruption” in a different, more inclusive way, than we do today. The Tumblr captures 325 such uses collected from the framing context, and tags to help demonstrate this more inclusive meaning.
… The Tumblr is already online (at ocorruption.tumblr.com), and its sidebar promises to “[collect] every use of the term ‘corruption’ among the records of the Framers.” Every entry consists of the name of one of the founders, a date, a block quote with all usages of corruption in bold, and a source. On July 25, 1788, for instance, James Iredell pronounced to North Carolina’s Constitutional Convention that the King of England:
has the disposal of almost all offices in the kingdom, commands the army and navy, is head of the church, and has the means of corrupting a large proportion of the representatives of the people, who form the third branch of the legislature.


Would our Congress look here for ideas? Laws that are “Worst Practices?”
Commentary – The ‘Legalization’ of China’s Internet Crackdown
Stanley Lubman – “Internet usage – especially microblogging on Sina Weibo, China’s largest Twitter-like social media site – is presenting new challenges and new attempts to meet them from a government determined to maintain control. In recent months Beijing has launched a multi-pronged offensive against online criticism of current policies and institutions that includes a propaganda campaign, arrests and a duplicative new legal rule that attempts to justify the response and deter future online critiques. This call to battle is not new, but its codification in legal dress is disturbing and represents a magnified threat to online discussion and dissent in China.”


Perspective. I'm surprised it waited this long. When will (more) big city papers follow?
World's oldest newspaper to end print edition, go digital only
After nearly 280 years in print, the world's oldest continuously published newspaper is stopping the presses in favor of a digital presence.
Lloyd's List, which was founded in 1734 as a notice posted to a London coffee shop's wall, announced Wednesday it will cease its print edition in December. The newspaper is widely regarded as the leading source of news and analysis for the global shipping market.
… "The overwhelming majority of our customers choose the capabilities of digital over print," editor Richard Meade said in a statement noting the advantages of a digital-only model.
… The Seattle Post-Intelligencer stopped publishing a print edition in March 2009, followed the next month by the Christian Science Monitor. Magazines such as Newsweek and US News & World Report have followed suit, choosing to publish only on the Internet.


For the Swiss Army toolkit.
– Turn back time? Yes! Intermission lets you pause and rewind live audio on your computer. Streaming audio will never be the same! With Intermission, you can jump back and replay something you missed, then resume live playback. You can even pause streaming audio on services like Pandora, iTunes Radio, or Spotify to build a buffer, then skip right past the ads and songs you don’t want to hear.

(Ditto) I'll check this one out...
– The Internet is forever. Your private communications don't need to be. Wickr is a free app that provides military-grade encryption of text, picture, audio and video messages, sender-based control over who can read messages, where and for how long, best available privacy, anonymity and secure file shredding features, and security that is simple to use.


Have you been watching this? Un-possible! (The boats that fly are amazing!)
Oracle Team USA caps stunning comeback to win America's Cup
Skipper Jimmy Spithill and Oracle Team USA won the America's Cup on Wednesday with one of the greatest comebacks in sports history.
Spithill steered Oracle's space-age, 72-foot catamaran to its eighth straight victory, speeding past Dean Barker and Emirates Team New Zealand in the winner-take-all Race 19 on San Francisco Bay to keep the oldest trophy in international sports in the United States.
[Also see:


We have a huge color printer and we're not afraid to use it!


Dilbert illustrates the downside of winning an argument.

Wednesday, September 25, 2013

I'm sure I've made this point before, “Compliant” is not the same as “Secure.” Just because you have taken “reasonable measures” to secure your data does not mean that the bad actors will not take “completely unreasonable” (Call it sophisticated or extreme) measures to get at your data. Remember if it works against you, it might also work against hundreds of other “compliant” organizations. Is it unreasonable to expect an organization to know what data is leaving its servers?
We are writing to you because of an incident at Unique Vintage. On September 14, 2013 we discovered a data security incident that involved some of your personal information. Unique Vintage is Payment Card Industry Security Standards Council (“PCI”) compliant and implements the latest measures reasonably possible to protect its customers’ sensitive information. However, the very sophisticated data breach concerning this incident involved malicious malware that was siphoning customer information from Unique Vintage’s website from approximately January 2012 until September 14, 2013. The information breached contained customer names, email addresses, telephone numbers and credit card numbers.
Read more of Unique Vintage’s consumer notification letter here (pdf).


For my Ethical Hackers. Time is money. All you have to do is beat the other guy...
Somebody Stole 7 Milliseconds From the Federal Reserve
Last Wednesday, the Fed announced that it would not be tapering its bond buying program. This news was released at precisely 2 pm in Washington "as measured by the national atomic clock." It takes 7 milliseconds for this information to get to Chicago. However, several huge orders that were based on the Fed's decision were placed on Chicago exchanges 2-3 milliseconds after 2 pm. How did this happen?
CNBC has the story here, and the answer is: we don't know.


Several interesting points...
If you haven’t already bookmarked JustSecurity.org for daily reading, do so now.
Julian Sanchez writes:
Between Edward Snowden’s ongoing leaks and a series of frankly unprecedented disclosures by the government itself, the public now knows quite a bit about the NSA’s controversial telephony metadata program, which makes use of the Patriot Act’s §215 to collect, in bulk, nearly all Americans’ domestic call detail records from telephone carriers. We know far less, however, about the government’s bulk collection of Internet metadata under FISA’s pen register/trap-&-trace authority, which supposedly ceased in 2011—though some such collection almost certainly continues in a more limited form.
Read more on Just Security.
[From the article:
The crucial point here is that the detailed “metadata” for a particular Internet communication, past the IP layer, typically wouldn’t be processed or stored by the ISP in the way that phone numbers and other call data is stored by the phone company. From the ISP’s perspective, all of that stuff is content.

(Related) Perhaps they are reading a different constitution?
Nathan Freed Wessler writes:
The Drug Enforcement Administration thinks people have “no constitutionally protected privacy interest” in their confidential prescription records, according to a brief filed last month in federal court. That disconcerting statement comes in response to an ACLU lawsuit challenging the DEA’s practice of obtaining private medical information without a warrant. The ACLU has just filed its response brief, explaining to the court why the DEA’s position is both startling and wrong.
Read more on the ACLU.


How many others should join this quest?
Dropbox has filed an amicus brief in support of a consolidated brought in the FISC by five tech giants seeking to be more transparent with the public about government requests for user information.


You get one “Please,” after that it's “or else.”
Rosalind English writes:
R (on the application of R) v Chief Constable [2013] EWHC 2864 (Admin) 24 September 2013 – read judgment
The High Court has ruled that it is not a breach of the right to private life to request DNA samples from those who were convicted of serious offences before it became commonplace to take samples for the production of DNA profiles for the investigation of crime.
Read more about the case and ruling on UK Human Rights Blog.
[From the article:
He refused to give the sample when it was sought initially, so he was sent a letter requiring him to attend at a police station to provide the sample on pain of arrest. He applied for judicial review of this requirement, arguing that it was an unlawful incursion on his right to privacy under Article 8.
In the light of the fact that the claimant’s previous convictions had been for manslaughter and kidnapping, the police had identified him as falling within the criteria for a nationwide operation [Sort of an informal, retroactive law? Bob] to ensure that those convicted of homicides and/or sexual offences have a confirmed DNA profile held on the National DNA Database.


For my Cloud Security students.
UK – Protecting Vulnerable Data Subjects
“The use of commercial cloud services by public organisations in Europe is growing. While the benefits of cloud computing are indisputable, the public sector contains certain particularly sensitive or vulnerable user populations whose privacy requires special protection. Critical examples include civil servants employed by local or national governments and – the subject of particular emphasis in this report – children in schools.
The most widely used cloud services today are typically free or very inexpensive offerings designed as vehicles for online behavioural advertising aimed at individual consumers. SafeGov.org is concerned that by repurposing such advertising-driven services for users within organisations, cloud providers may deliberately or inadvertently expose these data subjects to online advertising, profiling or other forms of personal information processing that violate their rights under EU data protection laws. The risk is particularly acute in the absence of constraints on the contractual relations between data processors and data controllers that ensure the rights to information and consent of the data subjects in these organisational contexts.”


The pendulum has swung a bit too far here.
7th-grader suspended for playing with airsoft gun in own yard
A seventh-grade student in Virginia Beach, Va., has been suspended from school for playing with an airsoft gun with a friend in his front yard while waiting for the school bus.
WAVY-TV reports that 13-year-old Khalid Caraballo will find out soon if he will be expelled for "possession, handling and use of a firearm" because the guns were fired at two others playing in Caraballo's yard.
A neighbor saw Khalid shooting the airsoft gun in his yard and called 911, telling the dispatcher, "He is pointing the gun, and it looks like there's a target in a tree in his front yard," the station reported.
The school's so-called "zero-tolerance" policy on guns extends to private property, according to the report.
Khalid's mother, Solangel Caraballo, said it's ridiculous that her son and his friends were suspended because they were firing the airsoft gun on private property.
"My son is my private property. He does not become the school's property until he goes to the bus stop, gets on the bus, and goes to school," Caraballo told the station.
… "The school said I had possession of a firearm. They aren't going to ask me any questions. They are going to think it was a real gun, and I was trying to hurt someone," he said


Is this what makes it a great investment? Definitely worth reading the article.
Josh Harkinson writes:
Facebook gets all the bad press, but the bigger threat to your online privacy these days might be your Twitter account. Twitter knows you much better than you may realize. And as it prepares for an IPO, it’s taking steps that may allow it to profit from your data in ways that would provoke howls of protest were Mark Zuckerberg to try the same.
Read more on Mother Jones.
[From the article:
Much of the data Twitter collects about you doesn't actually come from Twitter. Consider the little "tweet" buttons embedded on websites all over the net. Those can also function as tracking devices. Any website with a "tweet" button—from Mother Jones to Playboy—automatically informs Twitter that you've arrived.
… These moves might seem quaint a year from now, when Twitter ranks as the most sophisticated advertising platform in cyberspace. Earlier this month, the company announced that it was acquiring MoPub, a middleman that places ads within mobile apps. "The MoPub acquisition allows Twitter to fundamentally change how mobile ads are purchased and places them at the forefront of how mobile, Web, and social ads interact," Antonio Garcia, a former Facebook employee and creator of its FBX real-time ad exchange, wrote on his blog last week. "This makes Twitter the most interesting company in advertising right now."

(Related) Your own, personal “stalker tool.”
When you evaluate a Twitter Profile, whether to follow them or to reach out to them as an influencer, you can’t get a good idea about them unless you manually go through page after page of their tweets. Twibitz was created to solve this problem by analyzing any public Twitter profile and creating a snapshot of that user based on their profile and history.


Something to kick around with my fellow Computer Security instructors...
Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Decision-Making
“This report examines workforce requirements for cybersecurity and the segments and job functions in which professionalization is most needed; the role of assessment tools, certification, licensing, and other means for assessing and enhancing professionalization; and emerging approaches, such as performance-based measures. It also examines requirements for the federal (military and civilian) workforce, the private sector, and state and local government. The report focuses on three essential elements: (1) understanding the context for cybersecurity workforce development, (2) considering the relative advantages, disadvantages, and approaches to professionalizing the nation’s cybersecurity workforce, and (3) setting forth criteria that can be used to identify which, if any, specialty areas may require professionalization and set forth criteria for evaluating different approaches and tools for professionalization. Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Decision-Making characterizes the current landscape for cybersecurity workforce development and sets forth criteria that the federal agencies participating in the National Initiative for Cybersecurity Education—as well as organizations that employ cybersecurity workers—could use to identify which specialty areas may require professionalization and to evaluate different approaches and tools for professionalization.”


For my students who research (it should be all of them!)
A brief guide to discovering open access journals and articles on ScienceDirect
News release: “At Elsevier, we have been busy scaling our open-access publishing program; we now publish 56 open-access journals and host a further 91 on behalf of our society and publishing partners. However, you may not know how to navigate to these journals and articles. Here are some tips to help you find this content easily.
1. Find a list of open-access journals: You can navigate to our list of open access journals from the ScienceDirect homepage by clicking the link for our “Open Access Journal Directory” or bookmarking http://www.sciencedirect.com/science/browse/all/open-access.
2. Find a list of all journals that have open-access articles: In addition to our 56 open access journals, we give authors the option to publish open-access articles in over 1,600 of our established journals. Find a list of these journals on the ScienceDirect homepage by clicking “View all publications with Open Access articles.” Once you are in the publication list, you can limit your results to open-access journals or journals that contain open-access articles by selecting the appropriate filter checkboxes.
3. Find a list of open-access articles: The easiest way to find relevant open-access articles is to search ScienceDirect. By keying in your search terms, you will be able to identify any relevant open-access articles in your search results by looking for the label “Open Access.”
4. Search only for open access articles: If you would prefer to see filtered results that only show open-access articles, then you need to use the advanced search. In the advanced search, you can refine your search results to only show open-access articles by selecting the checkbox for Open Access Articles.”


It looks like I'll get to play with the school's 3D printer. I better start gathering some 3D tools. This one is more for display than printing.
The Future Is Here: Sketchfab Puts 3D Models Right In Your Browser
With free, powerful 3D modeling applications like Blender and SketchUp, creating high-quality 3D models is more affordable and doable than ever before. Judging by the comments to my interview with Rafael Grassetti, there’s a lot of interest in creating models and working in 3D. Sharing those models with others, however, remains tricky. SketchUp has its 3D Warehouse where users can share models, but the warehouse requires you to log in — and you must share the actual model, rather than a 3D render of it.
Sketchfab is an interesting service that tries to solve this, by letting you upload 3D models and embed them in beautifully rendered form anywhere on the Web. No plug-ins are required to view your embedded models: Just HTML5. Even if you’re not a 3D designer, the Sketchfab website is a beautiful repository of inspiring designs, and is fun to just cruise around in.

(Related)
Autodesk and Circuits.io Launch New Electronics Design Tool 123D Circuits
Autodesk expanded its offering of free 3D modeling tools last week by joining with Circuits.io to launch a free electronics design tool called 123D Circuits. 123D Circuits allows the user to either learn circuit design or put their existing electronics knowledge to use by designing virtual electronic circuits that can be simulated inside of the software. It’s a web-based tool, so the user doesn’t need to install any software to create virtual circuits.
… You can access 123D Circuits directly at the Circuits.io website.


For my Ethical Hackers.
FREE MANUAL! Take Control: The Android Rooting Guide


For my students.
How You Can Learn A New Language While Browsing The Web With Lingua.ly
… The Internet has helped to do away with the language tutor – websites like Duolingo and Busuu can easily tell you if you have an ear for new languages; and how you can develop one. But once you get the basics right, you need to keep practicing. That’s what inspired me to write the article on how to learn a new language with the help of Chrome.
Following in that wake, I discovered Lingua.ly. Lingua.ly is another innovative language learning tool that helps you become familiar with foreign words while browsing the Web.
Lingua.ly is a Chrome extension. Think of it as your smart personal language “tutor”. … Currently, you can learn Spanish, French, Hebrew, Arabic, and English.
… After installing the extension, just go to a webpage which is in the language of your choice. … On the webpage, click on the words you want to learn. Lingua.ly automatically picks them up and displays the translation for you to understand with the help of audio pronunciations and definitions.


I'm teaching Statistics again next Quarter. It's always useful to find a little inspiration before I start.
Nate Silver on Finding a Mentor, Teaching Yourself Statistics, and Not Settling in Your Career
Perhaps no one has done more for the cause of data-driven decision-making in the minds of the public than Nate Silver. His book, The Signal and the Noise, explains the power of statistical modeling to improve our predictions about everything from the weather to sports to the stock market. Data science is the hottest field to be in right now, and Silver is its poster child.